Skip to content

Commit af9c0ab

Browse files
cofincofin
authored
ci: bump GitHub Actions to Node 24 majors + add dependabot (#459)
* ci: bump actions to Node 24 majors GitHub-hosted runners drop Node.js 20 on 2026-09-16 and force Node 24 as the default on 2026-06-02. The last release warned on every `actions/upload-artifact@v4` invocation. Sweep every Node 20 action. First-party: actions/upload-artifact v4 -> v7 actions/download-artifact v4 -> v7 (skip v8 — hash-mismatch errors by default) actions/setup-python v5 -> v6 actions/upload-pages-artifact v4 -> v5 actions/deploy-pages v4 -> v5 Third-party: docker/setup-qemu-action v3 -> v4 amannn/action-semantic-pull-request v5 -> v6 Untouched (already Node 24 or auto-tracking): actions/checkout@v6, actions/cache@v5, astral-sh/setup-uv@v7, pypa/gh-action-pypi-publish@release/v1. ci.yml has no Node 20 actions and is untouched. * ci: add dependabot config for github-actions + python security Catches future Node-version cutovers and action-side advisories automatically. Two ecosystems: - github-actions: weekly version updates, grouped into a single PR. - uv: security advisories only (open-pull-requests-limit: 0). Version churn across the ~25 optional dependency groups would be noisy; security PRs always go through regardless of the limit.
1 parent c668309 commit af9c0ab

6 files changed

Lines changed: 40 additions & 20 deletions

File tree

.github/dependabot.yml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: github-actions
4+
directory: /
5+
schedule:
6+
interval: weekly
7+
groups:
8+
actions:
9+
patterns:
10+
- "*"
11+
commit-message:
12+
prefix: ci
13+
14+
- package-ecosystem: uv
15+
directory: /
16+
schedule:
17+
interval: weekly
18+
open-pull-requests-limit: 0
19+
commit-message:
20+
prefix: deps

.github/workflows/docs.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
run: uv run python tools/build_docs.py docs-build
2828

2929
- name: Upload Pages artifact
30-
uses: actions/upload-pages-artifact@v4
30+
uses: actions/upload-pages-artifact@v5
3131
with:
3232
path: docs-build
3333

@@ -47,4 +47,4 @@ jobs:
4747
steps:
4848
- name: Deploy to GitHub Pages
4949
id: deployment
50-
uses: actions/deploy-pages@v4
50+
uses: actions/deploy-pages@v5

.github/workflows/pgo-validate.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
uses: actions/checkout@v6
1313

1414
- name: Set up Python
15-
uses: actions/setup-python@v5
15+
uses: actions/setup-python@v6
1616
with:
1717
python-version: "3.12"
1818

.github/workflows/pr-title.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,6 @@ jobs:
1515
name: Validate PR title
1616
runs-on: ubuntu-latest
1717
steps:
18-
- uses: amannn/action-semantic-pull-request@v5
18+
- uses: amannn/action-semantic-pull-request@v6
1919
env:
2020
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
run: uv build --sdist
2727

2828
- name: Upload source artifacts
29-
uses: actions/upload-artifact@v4
29+
uses: actions/upload-artifact@v7
3030
with:
3131
name: source-dist
3232
path: dist/*.tar.gz
@@ -51,7 +51,7 @@ jobs:
5151
run: uv build --wheel
5252

5353
- name: Upload wheel artifacts
54-
uses: actions/upload-artifact@v4
54+
uses: actions/upload-artifact@v7
5555
with:
5656
name: wheels-standard
5757
path: dist/*.whl
@@ -67,12 +67,12 @@ jobs:
6767
uses: actions/checkout@v6
6868

6969
- name: Set up QEMU
70-
uses: docker/setup-qemu-action@v3
70+
uses: docker/setup-qemu-action@v4
7171
with:
7272
platforms: all
7373

7474
- name: Set up Python
75-
uses: actions/setup-python@v5
75+
uses: actions/setup-python@v6
7676
with:
7777
python-version: "3.12"
7878

@@ -164,7 +164,7 @@ jobs:
164164
MYPYC_OPT_LEVEL=3 MYPYC_DEBUG_LEVEL=0 MYPYC_MULTI_FILE=1
165165
166166
- name: Upload wheel artifacts
167-
uses: actions/upload-artifact@v4
167+
uses: actions/upload-artifact@v7
168168
with:
169169
name: wheels-mypyc-py${{ matrix.python-version }}
170170
path: wheelhouse/*.whl
@@ -191,13 +191,13 @@ jobs:
191191
run: uv python install ${{ matrix.python-version }}
192192

193193
- name: Download standard wheel artifacts
194-
uses: actions/download-artifact@v4
194+
uses: actions/download-artifact@v7
195195
with:
196196
name: wheels-standard
197197
path: dist-standard/
198198

199199
- name: Download mypyc wheel artifacts
200-
uses: actions/download-artifact@v4
200+
uses: actions/download-artifact@v7
201201
with:
202202
pattern: wheels-mypyc-*
203203
merge-multiple: true
@@ -230,7 +230,7 @@ jobs:
230230
uses: astral-sh/setup-uv@v7
231231

232232
- name: Download all artifacts
233-
uses: actions/download-artifact@v4
233+
uses: actions/download-artifact@v7
234234
with:
235235
pattern: "*"
236236
merge-multiple: true

.github/workflows/test-build.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ jobs:
4343
run: uv build --sdist
4444

4545
- name: Upload source artifacts
46-
uses: actions/upload-artifact@v4
46+
uses: actions/upload-artifact@v7
4747
with:
4848
name: source-dist
4949
path: dist/*.tar.gz
@@ -68,7 +68,7 @@ jobs:
6868
run: uv build --wheel
6969

7070
- name: Upload wheel artifacts
71-
uses: actions/upload-artifact@v4
71+
uses: actions/upload-artifact@v7
7272
with:
7373
name: wheels-standard
7474
path: dist/*.whl
@@ -85,12 +85,12 @@ jobs:
8585

8686
- name: Set up QEMU
8787
if: github.event.inputs.test_matrix == 'full'
88-
uses: docker/setup-qemu-action@v3
88+
uses: docker/setup-qemu-action@v4
8989
with:
9090
platforms: all
9191

9292
- name: Set up Python
93-
uses: actions/setup-python@v5
93+
uses: actions/setup-python@v6
9494
with:
9595
python-version: "3.12"
9696

@@ -151,7 +151,7 @@ jobs:
151151
CFLAGS="-fprofile-use=/tmp/sqlspec-pgo -fprofile-correction -Wno-error=missing-profile -Wno-error=coverage-mismatch"
152152
153153
- name: Upload wheel artifacts
154-
uses: actions/upload-artifact@v4
154+
uses: actions/upload-artifact@v7
155155
with:
156156
name: wheels-mypyc-py${{ matrix.python-version }}
157157
path: wheelhouse/*.whl
@@ -178,13 +178,13 @@ jobs:
178178
run: uv python install ${{ matrix.python-version }}
179179

180180
- name: Download standard wheel artifacts
181-
uses: actions/download-artifact@v4
181+
uses: actions/download-artifact@v7
182182
with:
183183
name: wheels-standard
184184
path: dist-standard/
185185

186186
- name: Download mypyc wheel artifacts
187-
uses: actions/download-artifact@v4
187+
uses: actions/download-artifact@v7
188188
with:
189189
pattern: wheels-mypyc-*
190190
merge-multiple: true
@@ -211,7 +211,7 @@ jobs:
211211
uses: astral-sh/setup-uv@v7
212212

213213
- name: Download all artifacts
214-
uses: actions/download-artifact@v4
214+
uses: actions/download-artifact@v7
215215
with:
216216
pattern: "*"
217217
merge-multiple: true

0 commit comments

Comments
 (0)